From 5a7bc8fd17cd28e400d2a1ccb876cdcdabc588a0 Mon Sep 17 00:00:00 2001
From: Andre Zoledziowski
Date: Mon, 21 Jan 2019 14:02:01 +0100
Subject: [PATCH] Added explicit "allow restarts" permission.
---
 Dockerfile | 3 ++-
 haproxy.cfg | 1 +
 2 files changed, 3 insertions(+), 1 deletion(-)
diff --git a/Dockerfile b/Dockerfile
index 0a6d35e..8d7a62b 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,7 +1,8 @@
 FROM haproxy:1.9-alpine
 EXPOSE 2375
-ENV AUTH=0 \
+ENV ALLOW_RESTARTS=0 \
+ AUTH=0 \
 BUILD=0 \
 COMMIT=0 \
 CONFIGS=0 \
diff --git a/haproxy.cfg b/haproxy.cfg
index 3a5c677..fa85fb4 100644
--- a/haproxy.cfg
+++ b/haproxy.cfg
@@ -42,6 +42,7 @@ backend dockerbackend
 frontend dockerfrontend
 bind :2375
 http-request deny unless METH_GET || { env(POST) -m bool }
+ http-request deny if { path,url_dec -m reg -i ^(/v[\d\.]+)?/containers/[^/]+/((stop)|(restart)|(kill)) } ! { env(ALLOW_RESTARTS) -m bool }
 http-request deny if { path,url_dec -m reg -i ^(/v[\d\.]+)?/auth } ! { env(AUTH) -m bool }
 http-request deny if { path,url_dec -m reg -i ^(/v[\d\.]+)?/build } ! { env(BUILD) -m bool }
 http-request deny if { path,url_dec -m reg -i ^(/v[\d\.]+)?/commit } ! { env(COMMIT) -m bool }
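Review bot: The new `ALLOW_RESTARTS` rule in `dockerfrontend` is a `deny` placed after `http-request deny unless METH_GET || { env(POST) -m bool }`, so `ALLOW_RESTARTS=1` grants nothing by itself: stop/restart/kill still need `POST=1`, which also opens every other POST endpoint the remaining per-section flags let through. If a narrow restart-only permission is the goal, an `allow` ahead of the POST gate fits least privilege better, for example `http-request allow if METH_POST { path,url_dec -m reg -i ^(/v[\d\.]+)?/containers/[^/]+/(stop|restart|kill)$ } { env(ALLOW_RESTARTS) -m bool }`, with the end anchor added because an unanchored pattern is harmless in a deny but too broad in an allow. Either way the rule deserves a comment such as `# ALLOW_RESTARTS gates .../containers/<id>/{stop,restart,kill}; POST=1 is still required`, since the name mentions only restarts while the pattern also covers stop and kill. Deployments that already restart containers through the proxy will start being denied until they set the new variable, and the diffstat shows no documentation file in this commit. The frontend continues past the hunk, so the interaction with later rules is inferred.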